Advantio Blog | PCI DSS Compliance, P2PE, PA-DSS, 3DS, PIN Security, ASV scans, Pen Testing, GDPR, ISO 27001, PSD2

Visa PIN Security Program: Sunset

Written by Advantio Team | 14 Nov 2023

 

Visa recently announced the sunset of its PIN Security compliance program, set to take effect from October 1st, 2023.Traditionally, Visa ensured entities' systems, devices, and processes complied with PCI PIN standards, crucial for maintaining transaction security and preventing fraud.

However, with the new changes, the Visa PIN Security Program will no longer validate Payment Card Industry (PCI) PIN security requirements. While the program becomes inactive, clients, processors, and service providers must continue adhering to PCI PIN security standards.

It's important to note that Visa's decision to enhance its compliance program should not be misconstrued as a decreased emphasis on the PCI PIN standard. Acquirers, Third Party Agents, and Processors are still required to comply with PCI PIN Security requirements, emphasizing the need for industry standards to maintain a secure payment ecosystem.

Effects of Visa Sunset:

  • The Visa sunset will impact the "Visa Global Registry of Service Providers," with PCI PIN validation types no longer listed once previous ones expire.
  • PTS devices Expired with Approvals from production can remain deployed but are recommended for replacement once added to the PCI’s PIN Transaction Security Devices with Expired Approvals list.
  • Scheduled submissions of compliance with PCI PIN Security Requirements are no longer required by Visa. However, those managing PINs for Visa or handling key management and PIN devices must still follow those requirements.
  • The sunset of the compliance program has not waived or altered any fees or obligations associated with a compromise resulting from a violation of the Visa Rules leading to the loss of Visa Account data with PIN.

New changes to PCI SLA:

SLA (Service Level Agreement) 30 calendar-day submission timelines for AQM (Assessor Quality Management) are moving to a 30 business-day SLA. As declared by the PCI SSC (PCI Security Standard Council), the updated submission timelines for AQM took effect on September 27th, 2023.

This change impacts submission review times and response preparations by the AQM, considering weekends, holidays, and office closures applicable to the United States of America. For example, if the submission occurred on December 1st, 2023, the PCI SSC's response would happen approximately on January 17th, 2024 (47 calendar days), excluding 14 weekend days and 3 holidays.

Need more information? Our expert team is available to answer your questions about the Visa PIN Security Program. Contact us today.
View full post